By: Martin M. Shenkman, CPA, MBA, JD
Under HIPAA, the Health Insurance Accountability Act a medical provider that must address the HIPAA rules is referred to as a â€œCovered Entityâ€. This can include any organization (health plan, health care provider, or health clearing house) that routinely handles Protected Health Information, "PHI", in any capacity is probably characterized as a â€œcovered entityâ€. A covered entity must provide info to its patients about their privacy rights and how their PHI can be used (notice of privacy practices). It must adopt clear and appropriate privacy policies and procedures for its practice, hospital, or plan. It must train its workforce to understand its privacy procedures. A covered entity must designate a privacy officer responsible for assuring that privacy procedures are adopted and followed. A covered entity must also adopt adequate security procedures for patient records containing individually identifiable PHI.
Subscribe to our email list to receive information on consumer webcasts and blogs, for practical legal information in simple English, delivered to your inbox. For more professional driven information, please visit Shenkman Law to subscribe.